REMARKS 

The present application was filed on November 26, 2003 with claims 1-20, all of which 
remain pending. Claims 1, 18 and 20 are the independent claims. 

Claims 1-20 are rejected under 35 U.S.C. § 103(a) as being unpatentable over allegedly 
admitted prior art in view of U.S. Patent No. 7,149,216 (hereinafter "Cheriton") and a document by 
J. Lee entitled "Security Overview" (hereinafter "Lee"). To reference the allegedly admitted prior 
art, the Examiner cites to the publication of the present application, U.S. Patent Application 
Publication No. 2005/01 14655. 

In this response, Applicants amend the specification to update related application 
information, and respectfully traverse the §103(a) rejection. Applicants respectfully request 
reconsideration of the application in view of the remarks to follow. 

Applicants submit that the Examiner has failed to establish a proper prima facie case of 
obviousness in the §103(a) rejection of claims 1-20 in that the cited references, even if assumed to 
be combinable, fail to teach or suggest all the claim limitations, and in that no cogent motivation has 
been identified for combining the references or modifying the reference teachings to reach the 
claimed invention. 

Independent claim 1 is directed to a method of generating a representation of an access 
control list. The method includes the steps of determining a plurality of rules of the access control 
list, each of at least a subset of the rules having a plurality of fields and a corresponding action, and 
processing the rules to generate a multi-level tree representation of the access control list, each of 
one or more of the levels of the tree representation being associated with a corresponding one of the 
fields. The claim further specifies that at least one level of the tree representation comprises a 
plurality of nodes, with two or more of the nodes of that level having a common subtree, and the tree 
representation including only a single copy of that subtree . Moreover, the tree representation is 
characterizable as a directed graph in which each of the two nodes having the common subtree 
points to the single copy of the common subtree. 

Thus, in the claimed arrangement, a given level of a tree representation of an access control 
list comprises two or more nodes that have a common subtree, but the representation only includes a 
single copy of that subtree, with each of the two nodes having the common subtree pointing to the 
single copy of the common subtree. 
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The Examiner in formulating the § 103(a) rejection acknowledges that the claim limitations 
relating to the common subtree are not shown in the collective teachings of the allegedly admitted 
prior art and Cheriton, See the Office Action at page 3, last paragraph, to page 4, first paragraph. 
However, the Examiner argues that these limitations are shown in the Take-Grant Model on page 12 
of Lee. Applicants respectfully disagree, and will demonstrate below that the Lee reference fails to 
meet the claim limitations relating to the common subtree. It should be understood that the 
following arguments directed to the Lee reference relative to the common subtree limitations of 
claim 1 are not attacking the Lee reference alone, but are instead intended to illustrate that the 
collective teachings of the allegedly admitted prior art, Cheriton and Lee fail to meet the limitations 
of claim 1 , 

The Examiner characterizes the Take-Grant Model on page 12 of Lee as disclosing two or 
more nodes of a level of a tree representation pointing to a single copy of a common subtree. See 
the Office Action at page 4, second paragraph. Applicants respectfully submit that this is a 
mischaracterization of Lee. Lee describes the Take-Grant Model as comprising a directed graph 
version of the access control matrix . In this model, the nodes can be subject or object, and the labels 
between the nodes can have the values read, write, execute, take or grant. The Examiner argues that 
the limitation in question is met because "a plurality of nodes 'x & y' at one level point[s] to one 
node 'y. "' It appears that there is an error in this argument, in that the latter reference to a node y of 
Lee in the quotation should instead be to a node z. Nonetheless, the argument, even as interpreted to 
refer to a node z, is problematic for a number of reasons. First, the nodes x and y in the model are 
different subjects of an access control matrix, which is apparent from the fact that subject x can take 
the rights of subject y. Thus, there is no indication that the two nodes share a common level of a tree 
representation . Lee does not provide any description whatsoever regarding levels, but instead 
merely discloses a directed graph with labeled lines between nodes representative of subjects and 
objects of an access control matrix. Further, the object node z shown in Lee is not a common 
subtree of a tree representation. Instead, it simply denotes a particular object that can be read (r) or 
written (w) by both subject x and subject y. 

It is therefore respectfully submitted that the Examiner has mischaracterized the Lee 
reference in alleging that the Take-Grant Model shown on page 1 2 of Lee meets the common subtree 
limitations of claim 1 , and thus the collective teachings of the cited references fail to meet each and 
every limitation of claim 1 . 
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Applicants further note that one skilled in the art would not be motivated to apply the Take- 
Grant Model of Lee to the M-trie plus data structure of Cheriton because the former is explicitly 
described as a directed graph version of an access control matrix, where the nodes can be only 
subjects or objects of the access control matrix. Such a model appears to be incompatible with the 
M-trie plus data structure as shown in FIG. 2 of Cheriton. Accordingly, it is believed that attempting 
to incorporate the Take- Grant Model of Lee into the M-trie plus data structure of Cheriton would not 
"optimize the ACL representation by improve [sic] speed further and reduce redundancy." See the 
Office Action at page 4, third paragraph. 

It is therefore believed that independent claim 1 is not obvious in view of the proposed 
combination of cited references. 

Independent claims 18 and 20 are believed allowable for reasons similar to those identified 
above with regard to independent claim 1. 

Dependent claims 2-17 and 1 9 are believed allowable for at least the reasons identified above 
with regard to their respective independent claims. 

Notwithstanding the traversal, Applicants have amended independent claims 1,18 and 20 to 
clarify that the common subtree referred to therein comprises at least one node that is not a leaf node 
of the tree representation. Thus, even if one assumed for purposes of argument that Lee at page 12 
teaches a tree representation having multiple levels, the object node z could not be construed as a 
common subtree of two nodes at a given level of such a representation. Support for the amendment 
can be found in the specification at, for example, page 12, line 18, to page 13, line 8, and in FIG. 3B 
of the drawings. 

Applicants submit that, given the foregoing traversal, the minor clarifying amendment made 
herein is not made for reasons relating to patentability over the cited references, but instead is made 
merely to expedite the prosecution. 
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In view of the above, Applicants believe that claims 1-20 are in condition for allowance, and 
respectfully request withdrawal of the § 103(a) rejection. 



Respectfully submitted, 
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Date: September 19, 2007 v —— ^Joseph B. Ryan 

Attorney for Applicant(s) 
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Ryan, Mason & Lewis, LLP 
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Locust Valley, NY 11560 
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